Richard Groves

25 years’ experience in the financial sector through a diverse and wide range of roles. Certified in Risk
and Information Systems Control (CRISC), a Practitioner in Prince2 Risk Management, with foundation
qualifications in Cyber Security (NCSC) and IT Service Management (ITIL4). Able to identify, evaluate, and
manage information systems and technology risk, utilizing NIST, ISO, COBIT and ITIL frameworks, best
practices and standards to help enterprises achieve their business objectives. Technology Risk, controls
and assurance orientated, able to identify, assess, respond, mitigate, monitor, and report IT risk, with a
track record of governance, compliance, continual improvement, and process innovation in Technology.
Expertise in identifying efficiencies and effectiveness in operations, which result in significant reduction in
cost, high customer satisfaction, and improved productivity of the team. Building rapport and establishing
trusted relationships with a wide range of stakeholders is one of my strengths.

Work Experience

Technology Risk & Assurance Analyst

Chetwood Bank-Wrexham/Remote/England/UK

January 2025 to Present

KEY ACHIEVEMENTS
• Ensured strategic and tactical objectives were underpinned by prudent and cost-effective controls
by overseeing 1st line risk management activities across Technology. Created a 90-day observation
paper providing insight and initial thoughts and opinions of 1LOD, 2LOD and the Technology department.
Articulated the Technology suite of controls approved by 2LOD. Aligned Technology 1st Line Risk
Management practices to the Enterprise Risk Management Framework and ensured linkage to the overall
Technology Risk Register. Proposed several measures and best practices to standardise and structure
Technology Risk Management to enhance enterprise awareness, secure executive sponsorship, and
develop auditable, compliant, monitorable and enforceable risk management methodologies to facilitate
reliable data and prevent subjective outcomes.

RESPONSIBILITIES
• Provide challenge, support and guidance to the technology leadership team, and risk and control
requirements to ensure conformance to the requirements of the bank's risk management framework
• Oversee completion of risk and control self-assessments at predefined intervals
• Support the technology leadership team with standardising first line control testing activities
• Provide first line oversight and challenge of operational risk events to ensure corrective and
preventative actions are completed in an accurate and timely manner
• Oversee the development, maintenance and testing of business continuity resilience and disaster
recovery plans
• Develop comprehensive, value-add management information to aid decision-making
• Collaborate with leadership forums and committees to support the execution of strategies and change
initiatives across the bank’s technological estate
• Function as an internal communications advisor on business control to ensure the banks culture
and strategy is consistently communicated across technology and risk ownership and accountability is
strengthened
• Ensure compliance with regulatory requirements
• Provide first line monitoring and analysis of KP eyes and KR eyes and risk appetite of metrics
• Coordinate and support delivery of important risk management initiatives
• Support the design and delivery of first line risk related training and awareness programmes

IT Risk & Controls Analyst

Sesame Bankhall Group-Manchester

July 2021 to January 2025

KEY ACHIEVEMENTS
• Supported, defined, and tested the IT operational and security control framework to meet business
protection and information technology local standards (ITIL, COBIT, ISO 27001/27002, NIST) by identifying
ineffective or gaps within existing controls, ensuring adherence to Aviva’s global standards, devising
remediation plans to improve critical controls, and creating new, robust controls for extra assurance,
resulting in 100% of IT Risks and Controls being effective and within tolerance.

RESPONSIBILITIES
• To define the SBG IT control requirements that align to the requirements of the IT Operational and
Security Standards set by our parent company Aviva.
• To support the implementation of process or system controls to meet defined IT standards.
• IT risk event management and issue mitigation ownership including root cause analysis.
• Conduct the testing and assessing of IT controls to evidence operational effectiveness, design
adequacy, and inform continuous improvement activity, and where controls are deemed ineffective, own
and drive the mitigating actions.
• To lead on major service outages.
• To be SME on IT Risk Management.
• To lead on the management of IT business continuity and disaster recovery.
• Conduct quality assurance to inform continuous improvement activity and adherence to procedures.
• Providing guidance, feedback, and support across SBG IT to ensure continuous identification,
assessment, and mitigation of risk across the business.
• Conducting risk assessments of all IT owned risks (for SME sign off).
• Understanding new standards requirements from our parent Aviva and devising mitigating actions to
see any gaps are met within a timely manner.
• Reporting and design of KRI’s, KPIs, and KCIs relating to IT owned risks.
• Assist 1st and 2nd risk management teams with assurance activities and internal audits and completion
of the Record of Processing Activity.
• Supporting the business with provision of MI, including IT operations dashboard, trend analysis, and
cyber threat intelligence.
• Managing external auditors when being audited.
• Risk management statistical reporting for the Head of IT Operations, the IT team, and the wider
business.
• To work with key stakeholders including external stakeholders to support information requests and
information security queries including Group Information Security Officer and external auditors.
• Build valuable relationships with peers in Aviva to understand best practices.
• To oversee or manage the policy, standard and process review schedule.
• To ensure the availability of risk and governance templates.
• To undertake ad hoc projects and duties as and when required, to support the needs of the business
or to achieve departmental objectives.
• To oversee or manage the IT Supplier relationship schedule.

Police Constable

Merseyside Police-Liverpool

November 2020 to June 2021

KEY ACHIEVEMENTS
• Was on course to attain 2:1 Honours during first year in Professional Policing
• Passed personal safety training.
RESPONSIBILITIES
• Respond to calls and requests from the public to assist at incidents.

Property Compliance Manager

SDL-Birmingham

September 2018 to November 2019

KEY ACHIEVEMENTS
• Received ‘New Build Property Management Team of The Year' award by News on The Block in 2018,
for achieving world class quality service, raising standards in risk and compliance assurance, customer
approachability, effective communication and efficient query handling.
• Improved performance and productivity of the team which resulted in raising the company’s overall
reputation among our customers, by engineering efficient and effective risk mitigation systems and
processes, resulting in 100% on-boarding compliance by Franchises and New Business of 100+
properties.

RESPONSIBILITIES
• Ensure that the services of residential and mixed-use estate management delivered to internal partners
are 100% compliant, by managing insurances, hard & soft service contracts, risk assessments, out of
hours and utility adoption
• Oversee and provide reassurance to the senior management via MI analysis that all systems and
procedures adhere to relevant regulatory, statutory requirements, championing and working towards
continuous improvement
• Manage the transition of any new business initiatives into our day-to-day business, ensuring they are
embedded via process mapping and modelling, standard operating procedures and templates, and R.A.G
workflows
• Lead by example promoting and championing a customer focused culture, delivering service
excellence, via email tracking and stakeholder engagement.
• Robustly manage and oversee customer services from A-to-Z, ensuring best value for them and our
company, by providing tracking strategies, and acting as 'gatekeeper' on risk and compliance issues

Education
A Level in English, History & Geography
Skills
• Technology Risk, Governance, Assurance, Compliance, Cyber Security, Information Security, Data
Protection, Service & Asset Management, Architecture, and Data & Digital Innovation.

Certifications and Licenses
CRISC - Certified in Risk and Information Systems Control (ISACA). 

MoR4 - Practitioner Certificate in Prince2 Risk Management (Axelos).
NCSC - Foundation Certificate in Cyber Security (APMG)
ITIL4 - Foundation Certificate in IT Service Management (Axelos).